Pages

Monday, 16 September 2013

This is a 1-page basic guide to data protection law, particularly relevant to open data / big data in cases where the data processed involve 'personal data'.

Data protection law in a nutshell

To tech folk, 'data protection' usually means IT security. To lawyers, 'data protection' usually means data protection laws. There's some overlap, but they're not the same. I'm just going to use 'data protection' in the legal sense.

Data protection is also not the same as privacy. Again, there's some overlap, but technically they're different. Data protection laws can even apply to public data, ie non-private personal data. Privacy law in the UK has largely been developed by the courts under Article 8 of the European Convention on Human Rights to protect people against the misuse of their private information (mostly, celebs who can afford to litigate).

There are also laws about the use of confidential information, which could cover some corporate commercial data:So what's data protection really? Well, EU data protection laws apply to the 'processing' of 'personal data', with exceptions eg for national security, or processing for personal purposes like keeping your personal contacts in an electronic addressbook(though at least one council has tried to argue that bloggers should be liable under data protection laws - see the full correspondence).

Data protection laws are really broad because 'processing' is almost anything you can do with or to personal data where it's been digitised at some point in the process, including just storing, transmitting or disclosing personal data as well as actively working on it. And 'personal data' is basically anything that can be linked to an identified or identifiable living individual ('data subject'), so something that's not 'personal data' one minute could become 'personal data' the next if it's become linked to an identifiable person through big data crunching, for instance.

Data protection law requires 'controllers', ie anyone who controls the 'purposes and means' of processing personal data, to process personal data according to certain key principles (regarding not only the use or abuse of personal data but also issues such as data accuracy and security), with tighter rules for certain sensitive information like health-related data. Failure to do so may be punished, mainly by the regulator (who in serious cases can fine up to £500k in the UK), or in some very limited cases the affected data subjects could try to stop the processing or sue for compensation. Breach of principles could also be a criminal offence in some situations. Controllers must register with or notify the national regulator and pay fees.

The concept of anonymous data is recognised. The approach taken is quite binary, in the sense that if something is 'personal data', all data protection law rules apply to it, so it must be processed in compliance with the principles etc; whereas if it's not 'personal data' but anonymous data, then none of them do. Of course in actuality the dividing line is harder to draw, but the law is what it is. Many laws are like this, claiming to apply to things in different ways depending on whether or not they fit within a set category or categories, implicitly assuming that there are bright lines between them, when in fact it's often hard to work out which if any category a real situation fits into, and technological, social and business developments can make the dividing lines even blurrier over time.

Something is not 'personal data' if it's been anonymised so that individuals can't be identified by any means 'likely reasonably' to be used to attempt de-anonymisation, including by combining it with other data (note: that refers to the means likely to be used, not the means actually used: if you can re-identify, eg because the anonymisation hasn't been done very well, the 'anonymous' data are still personal data even if you don't actually do it). This again means that as re-identification methods improve, something which used to be anonymous data could become 'personal data' when techniques get to the point that the data could be deanonymised. [Clarification: the 'likely reasonably' wording is from the EU Directive. For the UK-specific position and summaries of cases, see the Anonymisation Code of Practice]

EU data protection law comes from the Data Protection Directive. This applies to countries in the European Economic Area (I've done a Venn diagram showing the differences between EEA, EU, Europe and Council of Europe). As this is a Directive, not a Regulation, EEA countries have room to implement it differently, so detailed data protection laws may vary with the country - and do, sometimes significantly. For example, some countries protect the 'personal data' of organisations as well as people (the UK doesn't). The rules on security are about a few paragraphs long in the UK, several pages long in Italy.

The ICO is the UK's data protection (and freedom of information) regulator. It's published lots of useful info both for data subjects and for those who process personal data, so do rootle around its website.

I should also mention the Article 29 Working Party, the group of EU data protection regulators collectively. It's produced many opinions and other documentation, including on:

So there's lots of guidance out there, it's just that most people who aren't data protection specialists don't know about it (and, of course, may not know how to understand or apply it in practice).

But note that regulators' guides and opinions aren't legally binding - only a court case can provide definitive guidance. However, if you follow a regulator's guidance, you're of course less likely to find yourself in its enforcement sights.

General info

the 8 Data Protection Principles, which say that personal data must be:- Fairly and lawfully processed- Processed for limited purposes- Adequate, relevant and not excessive- Accurate and up to date- Not kept for longer than is necessary- Processed in line with data subject rights- Secure (including the 'technical and organisational measures' mentioned in the first diagram above)- Not transferred to other countries without adequate protection

the mobile trade association MEF has just launched a free online privacy notice generator for apps, AppPrivacy, developed by a global working group. It's not necessarily enough by itself to ensure you're compliant under your own national laws, of course, but it's much better than having no privacy notice at all (here's a developer's experiences with testing it).

Privacy impact assessments (PIA) before you launch a new product or service (this is a US example, but remember Google's record fine for its Safari tracking, which was said to break the promises it had made the US FTC after the Buzz fiasco? Conducting a PIA before either launch might have helped…)

the cookie law is a separate law, and has to be complied with in addition to data protection laws

the cookies law could apply to storage of or access to info in anything which is 'terminal equipment' (which might include sensors, smartwatches etc), even if no personal data are involved - ie even when accessing supposedly anonymous data. So cue more privacy notices….

For data subjects (whose data are being processed)

Note, this is not the same as requesting info from a public authority under freedom of information laws (there's FOI guidance too). They're meant to be mutually exclusive: you can't request personal data under FOI.

You could also sue for compensation in some situations but they're very limited, as you can tell from that link being directed at organisations and the lack of similar general info for individuals about suing! And you'd have to get lawyers to help you litigate. You could try to DIY, but that didn't work out very well for Mr Smeaton (short summary (scroll down), longer summary, another summary, full judgment).

"We can't, because of data protection"

Let's just dispel one myth. Too many organisations hide behind 'data protection' to refuse to do something that they can and indeed should do. Maybe because they just don't want to, or couldn't be bothered, or they're covering themselves and think it's just easier and safer not to do it. And they often get away with this, because too many people don't understand data protection law and believe their 'It's data protection' excuse.

That's partly the fault of data protection law and regulators, because the law is very complex and detailed, and there's tons of legislation and guidance to wade through (as well as some cases interpreting the law). But the basic principles are mostly quite straightforward (listed earlier).

Occurrences like this don't exactly fill one with confidence that things may change for the better. We can only hope that more people will learn about these myth debunkers, and that bureaucratic organisations will start applying common sense and stop using 'data protection' as a justification for introducing more unnecessary 'get in the way' red tape.

Usual weaselly disclaimers (and why you should use lawyers, and where to get free legal advice)

May I stress that all the above is general info only, not legal advice!

Lawyers say this sort of thing because legal advice needs to be tailored to your individual situation, and inevitably everyone's is different.

Also, laws don't always mean what they literally say. We'd love them to (as would the Good Law initiative), but sometimes, maybe even often, they don't. This may be because there can be layers of meaning, or qualifications, conditions and/or exceptions, so that it's sometimes necessary to wade through provision after provision, following the trail of definitions through to still further legislation, before it's possible to get even the bare bones of what something means.

For instance, 'fair and lawful' in the first principle means more than just 'fair and lawful': for processing to be 'fair and lawful', it must first fit within one of several defined boxes ('consent' is one), and it also has to be generally fair and lawful. And I've put quotes around 'consent' because 'consent' itself has a specific meaning, it's not 'consent' unless the consent was a freely-given, specific and informed indication of the data subject's agreement to their data being processed.

Or, legislation can be drafted obscurely, so it's hard to figure out what it means, and it would take a court case to find out what judges think it means. Or, legislation can be drafted by people who don't understand how technology works (yes it happens!), whether it's websites, or cloud computing. Or, the legislation is so old that it didn't properly envisage future technological developments - like copyright law controlling the right to copy rather than the right to use (book), leading to effectively all computer usage being copyright infringement because the technology works by copying. It's often hard to apply old or unsuitable laws to modern technology.

Even when an issue has gone to the courts for decision, while some judges are admirably easy to understand, with others even seasoned lawyers may get even wrinklier-browed desperately trying to figure out exactly what m'lud meant. Sometimes, it's because the judge isn't as clear as he or she could be. Other times, it's because judges are trying to do what they feel is the fair and right thing, and so may suggest or say that the law means something other than you might think it means (I dub this the Denning dimension, aka 'The little old lady wins!', sometimes manifested as 'hard cases make bad law'). That's why, while technologists may think in binary, in either/or, lawyers have to think in analogue - in shades of grey:

Lawyers with expertise in particular fields, whether data protection, intellectual property or computer law, have been trained to understand the jargon and to know or be able to work out how to reconcile all these different elements in order to determine what the workable paramenters are, and to arrive at something that can make some kind of sense in practice.

In addition, experienced practitioners should have a feel for how the law is actually enforced in real life, eg by regulators, so that they can give you some idea of how likely it is that you'll be fined or worse, and what the penalties are. Then you can decide, particularly in the (too many) areas where the law isn't clear, whether to take the risk that (a) whatever you plan to do. that might be a breach, will be found out, (b) authorities will take enforcement action against you, and (c) you'll be fined or prosecuted for it.

Of course, if you use lawyers rather than DIY, you might be able to sue them if things go wrong and it's their fault - because practising lawyers should be insured!

Finally, the internet may be global but laws are national, so different countries' laws may apply in different (or indeed the same) situations, and so you may need advice from lawyers qualified in the relevant countries.

Therefore, at some point a startup will need a lawyer. Not just to keep certain lawyers (alas not me) in mansions and private school tuition fees, but for its own benefit in terms of protecting its IP, making sure it's not breaking data protection or other laws, and certainly when it comes to that hoped-for cashing-in IPO.

Law centres, citizens advice bureaux and the Bar pro bono unit are free, but may lack specialist IT or data protection expertise. Own-IT can give free intellectual property law advice, and Queen Mary, University of London (where I'm a PhD student and working part-time) has an advice service including a Law for the Arts Centre that offers free IP law advice, but again may not necessarily have IT or data protection expertise. However, Queen Mary is also launching a new free advisory service for startups, qLegal, aimed at providing legal and regulatory advice specifically to ICT startups, where postgrad students will work with collaborating law firms and academics - so please feel free to try that!

Disclaimer: the book I linked to above is by my PhD supervisor, but I linked to it because it makes very salient points on why many laws don't work in cyberspace and how they could be made work, plus it's a good read (even for non-lawyers) - not because I'm trying to curry favour!

If you have an Amazon account you can login with that, but you still need to sign up specifically for AWS.

(For EMR only, as it costs you money to run the demo) Sign up for Elastic MapReduce (circled in blue in the screenshot below, accessible via the AWS console http://console.aws.amazon.com - you'll need to enter credit card details and possibly go through a phone verification and wait for their confirmation email before you can use EMR.

What's MapReduce?

Effectively, Hadoop is the open source version of Google's MapReduce (it also includes an open source version of Google File System and increasingly other components).

Amazon Web Services' Elastic MapReduce lets you set up and tear down Hadoop clusters (master and slaves). The demo uses R but EMR will accept eg Python, shell scripts, Ruby. You can deploy with the Boto library and Python scripts.

A map is a set of key/value pairs. The compare function usually sorts based on key/map. The reduce function collapses the map to the results. The output writer moves data to a meaningful easily-accessible single location (preventing data loss if the cluster powers down).

The master (ie the framework) organises execution, controlling one or more mapper nodes and one or more reduce nodes. The framework reads input (data file), and passes chunks to the mappers. Each mapper creates a map of the input. The framework sorts the map based on keys. It allocates a number of reducers to each mapper (the number can be specified). Reduce is called once per unique key (producing 0 or more outputs). Output is written to persistent storage.

Usually a mapper is more complex than in the demo, eg it may filter what's to be analysed etc. For less than 10 GB of data, you might run analyses on your own computer, for 10-100 GB your own servers, probably using MapReduce only for over 100GB pf data. It can process images, video files etc too - although the demo analyses words in a text file.

Canonical example of MapReduce: wordcount

Input - a series of different words eg: bla bla bla and so and.Mapped - bla 1, bla 1, bla 1, and 1, so 1, and 1. (Ie maps 'bla' to value '1').Reduced - and 2, bla 3, so 1.

Note: this assumes all input info is important, but often only part is, eg to check how often names are mentioned in a series of articles you wouldn't map everything.

The framework has readymade reducers for common map formats but you can write your own reducer.

The input file is data.txt, the mapper is mapper.R and the reducer is reducer.R.

A shell script run.sh will demo the map/reduce locally - it reads data.txt to the mapper, sorts the output and puts the output into the reducer.

Going through the code (RStudio helps):

mapper.R - see last function in the code: it reads input from stdin. hsLineReader takes and reads chunks up to 3 lines, doesn't skip anything (eg headers), then applies emit function to each chunk read. The emit function (top of code) transforms the output (1-3 lines) to a uniform processable stream, turns chunks into words (strsplit). sapply applies an anonymous inner function to each word. (paste is used for string concatenate.) The sorted results go to the reducer.

reducer.R - the final function reads from stdin and runs the reduce function on the input. This creates an array of names - vector of columns. (The chunksize can be tweaked to make it more performant depending on the calculation to be run; the default separator is tab, here it's been set to a space.) Then the process function is applied to it (written as a separate function for clarity, but it could be an anonymous inner function). This function takes each piece of map and aggregates by words using an anonymous inner function producing sums.

Running on Amazon Web Services

Create a new S3 bucket (click S3 - towards the bottom left at the moment, under 'Storage and Content Delivery'; click Create bucket; give it a unique name. NB the name must be unique for all buckets on AWS, not just for you!).

Edit the bootstrapR.sh script at the lineBOOTSTRAP_BUCKET_NAME='<your-bucket-name>'to replace it with your new bucket's name. (The code is self-explanatory, see the comments)

Open the bucket by clicking on it, rightclick inside and upload the code from Anette's model repo. (You may need to rename the R_packages folder to just R, or change it to R_packages in the script.)

All nodes in the cluster get the code applied to them.

Now in the AWS console go to Elastic MapReduce (under 'Compute and Networking') - best do this in a new browser window or it'll break your upload! Click to sign up for it, if you haven't already, including adding credit card information etc.

The next screen shows a summary of all the settings for your review, use Back to change any errors etc. When happy, click Create job flow to run it (and you'll get charged, so click Cancel if you'd rather not run it yet!).

It takes a few minutes to run. Click on the job name and click Debug to see the progress. There's a Refresh button to check if it's gone any further. Click on View jobs to see the jobs set up.

Error? If you get errors, at the top right hand side of the AWS Console click on your username, select Security Credentials, expand Access Keys and click Create New Set of Keys, then try again with Proceed without keypair (it seems that creating a new set of keys then enables you to proceed without actually using the created keys!)

Using the uploaded demo files. This is similar. In EMR create a new job flow, but this time under 'Create a job flow' choose 'Run your own application', with job type 'Streaming'.

For the Input Location use s3n://<yourbucketname>/data.txt, for the Output Location similarly the path to your bucket folder (eg Rtest.output) - it will be created if not already in existence, and can be downloaded to your own location. For Mapper, use the uploaded mapper.R file in your bucket, for Reducer the reducer.R file. Instance type small etc.

Proceed without key pair (see above if there are errors). Bootstrap action - this time choose your own custom action, and enter the path to your bucket and the bootstrapR.sh file. Continue. Create. View. Run when you're happy! (NB again it costs you money.)

Further notes: in jobs, tasks can be viewed too - you can see eg 12 mappers and 3 reducers. Output files are created one per reader, you have to stitch them back together. 0 byte files are created where there was no output from the relevant chunk.

TTIP

In TTIP, both cloud computing and data protection law will be horizontal issues spanning specific areas such as financial services, telecommunications services, computing services and global standards. It isn’t yet clear how the draft Data Protection Regulation will affect TTIP. Or indeed vice versa.

However, in terms of lobbying the EU and US on TTIP, a very helpful outline was given by Yohan Benizri. Some of this may seem self-evident, but I think it’s still useful to set it out.

Participating in consultations is very important, but that’s not in fact the most effective tool available to stakeholders. It seems that direct engagement with negotiators is more likely to lead to better results.

TTIP negotiators, on the European Commission side, will include Ignacio Garcia Bercero and Damien Levie, in DG Trade (under De Gucht), but other DGs, such as DG Connect and Justice (for cloud and privacy/data protection issues) will also be involved. DG Trade is playing a leading role, but positions and text will be developed in close cooperation with other DGs.

The best approach, again at the risk of stating the obvious, is to explain the issues and their (even if speculative) potential implications, and then suggest draft text or drafting changes to address those issues. In other words, don’t just raise the problem, but offer a possible solution too.

Forming ad hoc coalitions of organisations with common interests may also be useful, to voice collective concerns to both the EU and US sides. Indeed, suggesting the same text to both USTR and EU may help.

Other topics

More generally regarding the draft Data Protection Regulation, some EU governments have reportedly expressed the view that the draft legislation might not go through at all, because the vast gulf between the Council and the European Parliament may make agreement between them, at least within the next year or so, seem unlikely. (Of course, others have also expressed this view, eg Chris Pounder at Amberhawk, with Lionel de Souza at Hogan Lovells reporting the French government’s serious reservations about the draft Regulation.)

Full disclosure: I gave the firestarter presentation on the EU cloud strategy at this roundtable. I used to work for Sidley. But Sidley didn’t pay me for my participation, or for this blog. This blog is, obviously, mine alone.

Monday, 24 June 2013

The OFT's report on personalised pricing, which came out in May, said there was no evidence 'that retailers use information collected about individuals to offer higher prices to specific customers', eg websites tailoring their prices to the individual or adjusting prices based on visitor behaviour.

Actually, there is evidence. Due to being away, I couldn't respond to their call for information before the deadline. But now I want to recount my experience last year with a well-known travel web site. It should be reproducible, if the OFT or anyone else wants to try it (maybe not from an OFT IP address, in case they're smart enough to try to detect that and adapt!).

Search for a particular flight on a large travel site, eg from London to city X between particular dates and maybe back too. Select the dates etc, then note down the price quoted. Don't delete your cookies.

Next day (or maybe a few hours later), go back to the site using the same browser. Now, repeat the same search and selections. You'll find that the price quoted may well be higher. You might think, oh well, it's just because general prices have changed in those few hours? Think again.

Try this. Delete your cookies (and clear your browser cache for luck), then repeat the same search and selections, or else do so in a different browser which you haven't used before to visit the same site. You may find that the price is back to the original price!

This happened to me when I was searching for flights last year. I tried it again with different options, and had similar results, days later - ie higher prices on repeat searches, unless I had deleted cookies first. So this is certainly evidence that some sites are using personalised pricing at least some of the time.

I've had a similar experience on Amazon where a repeat search did not reveal that the price had been lowered for that product, but searching via a different browser showed a price decrease. However, it could have been a coincidence in that case, as I've not been able to reproduce that, though a friend has reported similar experiences. All this does mean that when I search on Amazon I'll make sure I'm not logged in first, and will be clearing cookies in between searches even if I have to login to complete a purchase.

So, beyond the OFT's letter to over 60 'leading online businesses', there's lots more that the OFT could investigate, if they want to try mystery shopping. I hope they will. This isn't just a data protection issue, it involves consumer protection more generally too.

Monday, 17 June 2013

Twitter's recent rollout of two-factor authentication (which it called 'login verification') may help a bit (notnecessarily!) to protect your Twitter account against being hacked. But beware - it will give Twitter rights to use your mobile phone number, even if you don't tweet using your smartphone.

This is why. When you go to your Twitter account settings and scroll down to Account security, it says you must add a phone to your Twitter account in order to require a verification code for sign in:

Notice that Twitter's "add a phone" page says nothing about what Twitter can do with your mobile or cellphone number:

"You may provide information to customize your account, such as a cell phone number for the delivery of SMS messages. We may use your contact information to send you information about our Services or to market to you."

and

"We may use your contact information to help others find your Twitter account, including through third-party services and client applications. Your account settings control whether others can find you by your email address or cell phone number."

In other words, these mean that, if you give your mobile phone number to Twitter, intending it to be used only for security purposes:

Twitter can use it to market to you eg send you marketing SMS text messages!

Twitter can use it to help other people track you down on Twitter if they know your phone number (even if you tweet using a pseudonym), unless you disable that in your account settings. But how? I have no idea, as I've not added my phone to Twitter, precisely for these two reasons. The settings I can see without adding my number don't seem to disallow others from finding me via my mobile number. There's an Account setting that says 'Let others find me by my email address', but not one that says 'Let others find me by my phone number'. Does that setting deal with both? I've no idea - it's not clear.

The good news is that it seems Twitter will limit sharing or giving your phone number to anyone else:

There's still the caveats though - unless required by law, etc etc.

Let's contrast this with Yahoo!'s practice:

The outlined text says, about your phone number: "We'll keep it secure and only text you if you need help with your account".

So Yahoo! get points for saying, at the point they ask for your number, that they won't use your number to market to you. But, they lose points for not making it clear whether they may share or give your number to others. Their privacy policy, like Twitter's, says they'll limit sharing - unless there are court orders or 'to establish or exercise our legal rights or defend against legal proceedings', or 'We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Yahoo!'s terms of use, or as otherwise required by law', etc.

Now consider Google's similar procedure:

This says that "Google will only use this number for account security". Yeeesss! That is exactly what someone who is privacy-conscious like me wants. Although Google introduced 2-factor authentication some time ago, I didn't sign up for it until Google started displaying this message, and now I have. Maybe Google are finally learning to try to be a little more privacy-friendly, after the Buzz and Safari debacles.

But much as I'd like to use 2FA for Twitter, I'm not giving Twitter my mobile number, no way no how - not until Twitter emulates Google and assures me that my number will be used only for authentication and other security purposes. Only. Given the recent opinion on purpose limitation from EU privacy regulators the Article 29 Working Party, doing that would seem to be a sensible move on Twitter's part.

Thursday, 30 May 2013

The UK G-Cloud programme had an 'Amber/red' rating, according to this article. The article was about the recentreport by the Major Projects Authority on the performance of key UK government projects (Government's Major Projects Portfolio, aka GMPP).

But the G-Cloud team has clarified that 'G-Cloud was rated as amber/green for delivery and amber/red for funding'. It would still be helpful, however, to have more info on exactly what's meant by 'for funding'? And if there are different ratings for delivery and funding, why not provide info on both for all projects reviewed?

Amber/Red(A Delivery Confidence Assessment of the project at a fixed point in time, using a five-point scale, Red – Amber/Red – Amber – Amber/Green – Green; the RAG definitions are explained in the MPA Annual Report)

Description / aims

Implementing the Government Cloud, CloudStore (formerly the Applications Store) and rationalising the number of data centres (programme now known as Hosting Services Consolidation) in order to deliver financial savings. Achieved by the delivery of the following action identified in the Government ICT Strategy published in March 2011:* Create a online Applications Store by April 2012* Reduce the cost of data centres across the Government estate leading to a 35% reduction in costs over 5 years. Produce a plan by October 2011 * Publish a Cloud Computing Strategy by October 2011

Departmental narrative, actions on Delivery Confidence Assessment

The Programme has delivered a viable CloudStore supported by an ambitious procurement framework. It has marketed this across a wide range of ICT vendors and the public sector. The concept has clearly generated an enthusiastic response from suppliers, particularly SMEs, that have not previously had access to government. In the last couple of months G-Cloud has started to see exponential growth in sales and anecdotal evidence suggests that it has driven considerable levels of savings through transparent pricing.

The Programme still has a significant number of challenges to overcome to reach its stated savings objectives and its aspiration to fundamentally change central government ICT buying behaviours. In particular, departments have yet to fully change their culture in terms of approach to ICT as old ways of doing things are so deeply engrained. Key to this is a reshaping of the Programme to focus on the commercial aspects of the CloudStore as a retail proposition, improving the user experience and engaging the buying community more directly in the objectives of the programme. Crucial to large scale take-up will be working with departments and the Cabinet Office spending controls team to enforce use of the CloudStore across central government.

Scaling G-Cloud has been difficult to achieve to date due to the team’s focus on the start up activities and the lack of appropriate funds and resources.

Project - start date

31/10/2011

Project - end date

30/06/2015

Departmental narrative on schedule, including any deviation from planned schedule

Departmental narrative on budget/forecast variance for 2012/13(if variance is more than 5%)

To date the G-Cloud Programme has made considerable progress despite limited resources. The challenge now is to fundamentally change government IT buying behaviours and key to this is reshaping the programme to focus on the commercial aspects of the cloudstore as a retail proposition, improving the user experience and engaging the buying community. A commercial business case is being drafted to release funds and headcount to reach the ambitious cultural and financial objectives.

Departmental narrative on budgeted whole life costs

No formal budget has been agreed for the G-Cloud Programme. Initial business case completed in 2011 suggested a budget of £4.93m.

22 October 1981 Dudgeon Right to respect for private life (existence in criminal law of various offences capable of relating to male homosexual conduct in Northern Ireland). Breach of Article 8

25 March 1983 Silver Control of mail by prison authorities. Right to respect for correspondence and freedom of expression: breach of Article 8. No effective domestic remedy: breach of Article 13. Denied access to the courts on account of refusal of two petitions for permission to seek legal advice: breach of Article 6.1

28 June 1984 Campbell and Fell Conduct of disciplinary proceedings; delay in obtaining legal advice (right of access to court, right to respect for correspondence); refusal of independent medical examination. Breach of Articles 6, 8 and 13. No breach of Article 6

28 May 1985 Abdulaziz, Cabales and Balkandali Immigration: discrimination on grounds of sex: breach of Articles 13 and 14 in one respect only. No breach of Articles 3 or 8

17 October 1986 Rees Rights of transsexual: changing sex on birth certificate. No breach of Article 8 or 12

1986 Gillow Interference in right to respect for home in Guernsey: breach of Article 8, regarding application of Housing Control (Extension and Amendment) (Guernsey) Law 1957 by the Housing Authority: no breach of Article 6 or 14

8 July 1987 O Inability to challenge decisions on access rights to children: Breach of Article 6.1. No breach of Article 8

27 April 1988 Boyle and Rice Right to respect for family and private life, home and correspondence. Right to receive visits in prison; right to send

more than one free letter a week; right to have access to telephone and censorship of prison mail: breach of Article 8

30 March 1989 Chappell Terms, content and manner of service of the Anton Pillar Order: no breach of Article 8

7 July 1989 Gaskin Refusal of access to applicants’ child care records; right to respect for private and family life: breach of Article 8. Right to

receive information: no breach of Article 10

30 August 1990 McCallum Various complaints concerning the conditions, correspondence and circumstances of Scottish prisoner’s imprisonment: breach of Article 8

1990 Cossey Birth certificate for transsexual. Under English law applicant cannot claim full recognition of changed status and cannot enter into a valid marriage with a man: no breach of Articles 8 and 12

25 March 1993 Costello Roberts Corporal punishment: no breach of Article 3. Right to respect for private and family life (as a result of corporal punishment): no breach of Article 8. No effective domestic remedies for the complaints: no breach of Article 13

28 February 1994 Boyle Refusal by local authority to allow access to nephew in care and absence of any possibility before entry into force of the Children Act 1989 of applying to courts for access; right to respect for family life (Article 8): friendly settlement

1994 Fayed State investigation into affairs of private company. Inspectors’ report determined civil right to honour and reputation. Denied effective access to a court in determination of this civil right: no breach of Article 6.1. Not necessary to examine: denied effective domestic remedies to challenge findings of Inspectors (Article 13); presumption of innocence (Article 6.2); unjustifiable interference with honour and reputation, right to respect for private life (Article 8); peaceful enjoyment of possessions (Article 1, Protocol No. 1)

28 October 1994 Murray Arrest and detention of six people in Northern Ireland. Right to respect for private and family life and home: no breach of Article 8. No effective remedy: no breach of Article 13. Arrest and questioning of first applicant and detention of five other applicants: no breach of Article 5.1, 5.2, 5.5

24 February 1995 McMichael Parental rights and right of access to custody documents: breach of Article 8. Re. Mrs McMichael, breach of Article 6.1 and 8. Re. Mr McMichael: no legal right to obtain custody of son or participate in the custody or adoption proceedings: no breach of Article 6.1 or 14

26 September 1996 June Buckley Right to live with family in caravans on own land and follow traditional gypsy lifestyle: no breach of Article 8

22 October 1996 Stubbings and Others Denied access to court regarding compensation claims for psychological injury caused by childhood sexual abuse due to operation of Limitation Act 1980: no breach of Article 6. State’s failure to protect right to respect for private life because no civil remedy for childhood abuse: no breach of Articles 8 or 14

19 February 1997 Laskey, Jaggard and Brown Prosecution and conviction of sado-masochists; interference with right to respect for private life: no breach of Article 8

22 April 1997 X,Y and Z Recognition of trans-sexual father of child; right to respect for family and private life because of lack of recognition of first applicant’s role as father to third applicant; resulting situation in which they were placed was discriminatory. Breach of Article 8

25 June 1997 Halford Right to respect for private life and freedom of expression (telephone tapping): breach of Article 8. No effective domestic remedy in relation to the interceptions: breach of Article 13. Sex discrimination: not necessary to examine Article14

9 June 1998 L.C.B Failure to be warned of effects of exposure to radiation (Articles 2 and 3). Subjection to harassment and surveillance (Article 8). Court has no jurisdiction to consider alleged breaches of Articles 2, 3, 8 and 13

10 July 1998 Tinnelly & Sons Ltd and Others and McElduff and Others Denied access to an independent and impartial tribunal; interference with right to respect for private and family life. No jurisdiction to consider breaches of Articles 8, 13 and 14. Victims of discrimination on religious grounds: breach of Article 6.1

30 July 1998 Sheffield and Horsham Failure of State to recognise post-operative transsexuals: no breach of Articles 8, 12 or 14

28 October 1998 Osman Police Immunity, failure to protect lives and prevent harassment of family. No access to court or effective remedy: breach of Article 6.1. No breach of Articles 2 and 8

27 September 1999 Lustig-Prean and Beckett Dismissal of homosexuals from armed forces following investigation into private life: breach of Article 8

27 September 1999 Smith and Grady Dismissal of homosexuals from armed forces following investigation into private life: breach of Article 8; degrading treatment: no breach of Article 3; availability of effective remedy: breach of Article 13

12 May 2000 Khan Absence of legal basis for interception of conversation by listening device on private property: breach of Article 8. Use in criminal proceedings of evidence obtained in breach of Article 8: no breach of Article 6.1. Absence of effective remedy in respect of complaint about interception of conversation: breach of Article 13

20 June 2000 Foxley Redirection of bankrupt’s mail to the trustee in bankruptcy: breach of Article 8

19 September 2000 Glaser Enforcement in Scotland of contact order of English court granting father access to children: no breach of Article 8. Length and fairness of civil proceedings: no breach of Article 6.1. Alleged failure of courts to respect parent’s freedom of religion in child access proceedings: no breach of Article 9

21 December 2000 Varey Refusal of planning permission for gypsies for residential caravan on land owned by them (Arts. 8 and 14): struck off list (friendly settlement)

18 January 2001 Beard Refusal of planning permission for gypsies for residential caravan on land owned by them (Article 8) and alleged discrimination (Article 14): no breach

6 February 2001 Bensaid Inhuman treatment; threatened expulsion of schizophrenic to Algeria: no breach of Articles 3, 8 or 13

27 March 2001 Sutherland Difference in age of consent for homosexual and heterosexual relations (Article 14+8): struck off list

10 May 2001 T.P. and K.M. Failure of social services to involve a parent in decisions on care of child following removal of child due to suspected sexual abuse: breach of Article 8. Access to court (striking out of claims against local authority on ground that no duty of care in exercising statutory powers in relation to child care): no breach of Article 6.1. Lack of effective remedy: breach of Article 13

25 September 2001 P.G and J.H. Absence of legal basis for installing covert listening device in private property; absence of legal basis for covert recording of voice samples at police station: breach of Article 8. Acquisition by police of information on use of private telephone: no breach of Article 8. Non-disclosure of material by prosecution on grounds of public interest immunity: no breach of Article 6.1. Use in criminal proceedings of evidence obtained in breach of Article 8: no breach of Article 6.1. Absence of effective remedy regarding complaints about use of covert listening devices: breach of Article 13

2 October 2001 Hatton and Others Interference with right to respect for private and family lives and the home (from aircraft noise, causing sleep disturbance): breach of Articles 8 and 13

29 April 2002 Pretty Refusal to give advance undertaking not to prosecute husband for assisting wife to commit suicide: no breach of Articles 2, 3, 8 and 9. Alleged discrimination against those physically incapable of committing suicide: no breach of Article 14

4 June 2002 William Faulkner Interference with prisoner’s correspondence: breach of Article 8

11 July 2002 I. Lack of legal recognition of transsexual: breach of Article 8. Impossibility for transsexual to marry: breach of Article 12

24 September 2002 M.G. Refusal of access to records of time spent as child in public care: breach of Article 8

10 October 2002 D.P. & J.C. Alleged failure of social services to protect children from sexual abuse: no breach of Article 3 + 8. Access to court (striking out claims against local authority on ground that no duty of care in exercising statutory powers in relation to child care) : no breach of Article 6.1. Lack of effective remedy: breach of Article 13

22 October 2002 Perkins and R Dismissal of homosexuals from armed forces following investigation into private life: breach of Article 8

10 February 2004 B.B Different treatment of homosexuals and heterosexuals over age of consent: breach of Article 14 + 8

19 February 2004 Martin Covert surveillance of private home by local council: struck off list (friendly settlement)

9 March 2004 Glass Interference by NHS Trust with right to respect for private life (UK law and practice failed to guarantee physical and moral integrity): breach of Article 8

16 November 2004 Wood Interception of covert recordings by police while being held in custody: breach of Article 8; Absence of effective remedy in respect of complaint about interception of conversation: breach of Article 13

19 October 2005 Roche Denied adequate access to a court as a result of the certificate issued by the Secretary of State under section 10 of the Crown Proceedings Act 1947: no breach of Article 6.1; denied access to a “possession” (a claim in negligence against the MoD) until deprived of it, in an unjustified manner, when the Secretary of State issued the section 10 certificate: no breach of Article 1 of Protocol No. 1; Section 10 of the 1947 Act was discriminatory: no breach of Article 14 in conjunction with Article 6 and Article 1 of Protocol No.1; lack of effective remedy: no breach of Article 13 in conjunction with Article 6 and Article 1 of Protocol No. 1; failure to provide information regarding tests in Portadown to allay fears linked to private and family life: breach of Article 8; right to receive information: no breach of Article 10

23 May 2006 Grant Rights of transsexual: lack of legal recognition of her change of gender and the refusal of the Department of Social Security (DSS) to pay her a retirement pension at the age of 60: breach of Article 8; refusal to pay State Pension at 60: no breach of Article 1 of Protocol No.1

20 June 2006 Elahi Absence of legal basis for a covert listening device on private property to obtain material which was subsequently relied on by the prosecution: breach of Article 8

18 July 2006 Keegan Failure by police to take reasonable and available precautions “necessary in a democratic society”: breach of Article 8; lack of effective remedy: breach of Article 13

26 September 2006 Wainwright Strip and intimate body searches when seeking to visit a relative in prison was highly distressing and constituted degrading treatment: no breach of Article 3. Breach of Article 8; unavailability effective remedy: breach of Article 13

3 April 2007 Copland Monitoring activity amounting to an interference with the right to respect for private life and correspondence: breach of Article 8

1 July 2008 Liberty and Others The examination, use and storage of intercepted communications constituted an interference: breach of Article 8

30 September 2008 R.K and A.K. Care order constituted an interference with the right to respect for family life: no breach of Article 8; redress was not available at the relevant time: breach of Article 13

4 December 2008 S. and Marper Retention of fingerprints, cellular samples and DNA profiles interfered with the right to respect for private life: breach of Article 8

2 June 2009 Szuluk Monitoring of medical correspondence whilst in prison breached right to respect for correspondence and private life: breach of Article 8

24 November 2009 Omojudi Deportation to Nigeria violated right to respect for family and private life: breach of Article 8

12 January 2010 Gillan and Quinton The powers of stop and search constituted interferences with their right to respect for private life: breach of Article 8

12 January 2010 Khan A.W. Deportation to Pakistan violated right to respect for family and private life: breach of Article 8

16 March 2010 A.D. and O.D. Decision to take the second applicant into local authority care violated their rights: breach of Article 8; absence of effective remedy: breach of Article 13 in conjunction with Article 8 in relation to first applicant; absence of effective remedy: no breach of Article 13 in relation to second applicant

23 March 2010 M.A.K. and R.K. Separation during the ten days that the second applicant was in hospital violated their right to respect for their private and family life: breach of Article 8 in relation to first and second applicant; withdrawal of legal aid deprived second applicant of a effective remedy within the national legal system for the complaint under Article 8: breach of Article 13 in relation to first applicant

21 September 2010 Kay and Others Leases of housing units provided to applicants by charitable housing trust under special scheme terminated by Lambeth B.C. Applicants complained of possession proceedings brought against them and inability to challenge possession orders: breach of Article 8

10 May 2011 Mosley Absence of legal duty on media to notify in advance the subjects of intended publications: no breach of Article 8.

31 May 2011 R. and H. Freeing order a disproportionate interference with the parents’ rights; procedurally improper for a freeing order to be made in advance of an adoption order: no breach of Article 8 and no separate issue arising under Article 6.

20 September 2011 A.A. Removal to Nigeria following conviction and release on licence: breach of Article 8 in the event of deportation.

27 September 2011 Bah Local authority refusal to prioritise social housing request of Sierra Leonean national: no breach of Article 14 taken in conjunction with Article 8.

20 December 2011 A. H. Khan Deportation to Pakistan following history of offending: no breach of Article 8.

[Added by KH 16 June 2013] 7 February 2012 Axel Springer AG v Germany When right to reputation under Article 8 is engaged, balancing Articles 8 and 10, and when ECHR substitutes its views for domestic courts'. Inforrm write-up.

14 February 2012 Hardy and Maile Failure to assess marine pollution risk from operation of liquefied natural gas terminals and to disseminate relevant information: no breach of Article 8.

13 March 2012 Y.C. Failure to order assessment of claimant as sole carer for son and to have regard to all relevant considerations when making placement order: no breach of Article 8.

10 April 2012 Balogun Deportation to Nigeria following serious drugs-related convictions: no breach of Article 8.

17 July 2012 Munjaz Applicant’s placement in seclusion at Ashworth Special Hospital: no breach of Article 5; no breach of Article 8.

[Added by KH 16 June 2013] 9 Oct 2012 Alkaya v Turkey (French only) - disclosure of the home address of a Turkish actress in a newspaper article was a breach of Article 8. Inforrm write-up.

6 November 2012 Hode and Abdi Inability of immigrants with limited leave to remain as refugees to be joined by post-flight spouses: breach of Article 14 in conjunction with Article 8.

13 November 2012 M.M. Retention of caution on criminal record for life: breach of Article 8. [Request for referral to Grand Chamber pending.]

13 November 2012 Van Colle Fatal shooting of a prosecution witness by accused in theft proceedings: no breach of Articles 2 or 8. [Request for referral to Grand Chamber pending.]

[Added by KH 16 June 2013] Ageyvey v Russia ([2013] ECHR 346) breaches of Article 8. Allegations of child abuse by parents of an adopted child. In particular, failure adequately to investigate the unauthorised disclosure of confidential information, and failure to protect the right to reputation of a parent suspected of child abuse. Inforrm write-up.